CN102118745A - Method and device for secure encryption for mobile payment data, and mobile phone - Google Patents
Method and device for secure encryption for mobile payment data, and mobile phone Download PDFInfo
- Publication number
- CN102118745A CN102118745A CN2011100086738A CN201110008673A CN102118745A CN 102118745 A CN102118745 A CN 102118745A CN 2011100086738 A CN2011100086738 A CN 2011100086738A CN 201110008673 A CN201110008673 A CN 201110008673A CN 102118745 A CN102118745 A CN 102118745A
- Authority
- CN
- China
- Prior art keywords
- data
- mobile payment
- signature
- card
- payment data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a method and a device for secure encryption for mobile payment data, and a mobile phone. The device comprises a signature data writing unit, a signature data decryption unit, a signature processing unit, a signature data encryption unit, a signature data storage unit and a signature data reading unit; the signature data writing unit is used for writing the encrypted mobile payment data and the certificate password data which are transmitted through a mobile communication device into a virtual input file according to writefile commands; the signature data decryption unit is used for reading and decrypting the mobile payment data and the certificate password data; the signature processing unit is used for performing certification to the certificate password data and performing signature processing to the mobile payment data; the signature data encryption unit is used for performing encryption to the mobile payment data; the signature data storage unit is used for storing the encrypted and signed mobile payment data in a virtual output file; and the signature data reading unit is used for reading the encrypted and signed mobile payment data from the virtual output file and transmitting the encrypted and signed mobile payment data to the mobile communication device through an SD (Secure Digital) card interface. The hardware signature for the mobile payment data of mobile phone banking is realized, and the security of signature for the mobile phone is enhanced.
Description
Technical field
The present invention is about the hardware digital certificate technique, and particularly the hardware digital certificate technique about using on mobile devices such as mobile phone is a kind of mobile payment data security encryption method, device and mobile phone concretely.
Background technology
In the prior art, mobile banking service signature mode has following several:
(1) uses the soft certificate signature that leaves in the mobile phone EMS memory.Though this mode can realize digital signature function, the digital certificate of software view is very easy to give away secrets because of softwares such as wooden horse implanted in system vulnerability or the system, virus illegally read.
(2) the independent dynamic password generating apparatus of use short signature technology.Though this mode can realize basic signature function, its complex operation carries inconvenience, and production cost is higher, is unfavorable for promoting.
(3) digital certificate is stored in the SIM card.Though this mode can realize signature function, but this card need be issued by telecom operators, key has only telecom operators to write, and the interface of data is scarcely identical in the mobile phone reading SIM card of different model, bank need develop the driver of many moneys certificate read-write according to mobile phone model, fail safe is relatively poor, and it is big to promote difficulty.
Summary of the invention
The embodiment of the invention provides a kind of mobile payment data security encryption method, device and mobile phone, with the hardware signature of realization to Mobile banking's mobile payment data, and the fail safe that improves mobile phone signature.
One of purpose of the present invention is, a kind of mobile payment data security encryption method is provided, and this method comprises: receive the written document instruction that mobile communication equipment transmits by safe digital SD card; Instruction writes virtual input file with mobile communication equipment through mobile payment data of having encrypted and the cryptographic certificate data that described SD card transmits according to written document; From virtual input file, read the mobile payment data and the cryptographic certificate data of having encrypted, and carry out decryption processing; Cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering; Mobile payment data to signature are carried out encryption; The mobile payment storage of the signature after encrypting is arrived virtual output file; Receive the file instruction of reading that mobile communication equipment transmits through the SD card; Send mobile communication equipment according to the mobile payment data of reading file instruction signature after the reading encrypted from virtual output file to through described SD card.
One of purpose of the present invention is, a kind of mobile payment data security encryption method is provided, and this method comprises: receive the mobile payment data that needs are signed by cordless communication network from bank server; Receive the cryptographic certificate data of user's input by user interface; Mobile payment data and cryptographic certificate data are carried out encryption; Mobile payment data and the cryptographic certificate data that to encrypt by safe digital SD card write virtual input file; From virtual input file, read the mobile payment data and the cryptographic certificate data of having encrypted, and carry out decryption processing; Cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering; Mobile payment data to signature are carried out encryption; The mobile payment storage of the signature after encrypting is arrived virtual output file; Mobile payment data through SD card signature after the reading encrypted from virtual output file; Mobile payment data to the signature after encrypting are decrypted processing; The mobile payment data of the signature after the deciphering are sent to bank server through cordless communication network.
One of purpose of the present invention is, a kind of mobile payment data security encryption device is provided, this device comprises: the signed data writing unit, be used for receiving the written document instruction that mobile communication equipment transmits by safe digital SD card, instruction writes virtual input file with mobile communication equipment through mobile payment data of having encrypted and the cryptographic certificate data that the SD card transmits according to written document; The signed data decrypting device is used for reading the mobile payment data and the cryptographic certificate data of having encrypted from virtual input file, and carries out decryption processing; The signature processing unit is used for the cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering; The signed data ciphering unit is used for the mobile payment data of signature are carried out encryption; The signed data memory cell is used for the mobile payment storage of the signature after encrypting is arrived virtual output file; The signed data sensing element is used for receiving the file instruction of reading that mobile communication equipment transmits through the SD card, sends mobile communication equipment according to reading file instruction mobile payment data of the signature after the reading encrypted from virtual output file to through the SD card.
One of purpose of the present invention is, provides a kind of mobile payment data security to encrypt mobile phone, and this mobile phone comprises: mobile phone body and mobile payment safe digital SD card; Mobile payment SD cartoon is crossed the SD card and is connected with mobile phone body; Mobile payment SD card comprises: mobile payment data download unit is used for receiving the mobile payment data that needs are signed by cordless communication network from bank server; The cryptographic certificate input unit is used for receiving the cryptographic certificate data that the user imports by user interface; First ciphering unit is used for mobile payment data and cryptographic certificate data are carried out encryption; The signed data writing unit, the mobile payment data and the cryptographic certificate data that are used for will having encrypted by safe digital SD card write virtual input file; Second decrypting device is used for reading the mobile payment data and the cryptographic certificate data of having encrypted from virtual input file, and carries out decryption processing; The signature processing unit is used for the cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering; Second ciphering unit is used for the mobile payment data of signature are carried out encryption; The signed data memory cell is used for the mobile payment storage of the signature after encrypting is arrived virtual output file; The signed data sensing element is used for the mobile payment data through the signature of SD card after the virtual output file reading encrypted; First decrypting device is used for the mobile payment data of the signature after encrypting are decrypted processing; The signed data transmitting element is used for the mobile payment data of the signature after the deciphering are sent to bank server through cordless communication network.
Beneficial effect of the present invention is, has solved the problem of Mobile banking's hardware digital signature, and does not influence the normal function of use of former SD card.And the embodiment of the invention has adopted the special browser with personalisation interface, can guarantee customer data safety.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is an embodiment of the invention mobile payment data security encryption method flow chart;
Fig. 2 is an embodiment of the invention mobile payment data security encryption device structured flowchart;
Fig. 3 is the structure chart that embodiment of the invention mobile payment data security is encrypted the SD card;
Fig. 4 is the workflow diagram that embodiment of the invention mobile payment data security is encrypted the SD card;
Fig. 5 is the circuit diagram that embodiment of the invention mobile payment data security is encrypted the SD card;
Fig. 6 is the mobile phone mobile payment data security encryption method flow chart of the embodiment of the invention;
Fig. 7 is that embodiment of the invention mobile payment data security is encrypted the handset structure block diagram;
Fig. 8 is the structure chart that embodiment of the invention mobile phone mobile payment data security is encrypted the SD card;
Fig. 9 is the connection diagram that embodiment of the invention mobile phone and mobile payment data security are encrypted the SD card;
Figure 10 is that embodiment of the invention mobile payment data security is encrypted the operating handset flow chart;
Figure 11 is the browser structure figure that embodiment of the invention mobile phone mobile payment data security is encrypted the SD card.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
As shown in Figure 1, the mobile payment data security encryption method of present embodiment comprises: receive the written document instruction (step S101) that mobile communication equipment transmits by safe digital (SD) card; Instruction writes virtual input file (step S102) with mobile communication equipment through mobile payment data of having encrypted and the cryptographic certificate data that the SD card transmits according to written document; From virtual input file, read the mobile payment data and the cryptographic certificate data of having encrypted, and carry out decryption processing (step S103); Cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing (step S104) of back after to deciphering; Mobile payment data to signature are carried out encryption (step S105); The mobile payment storage of the signature after encrypting is arrived virtual output file (step S106); Read file instruction (step S107) through what the SD card received that mobile communication equipment transmits; Send mobile communication equipment (step S108) according to the mobile payment data of reading file instruction signature after the reading encrypted from virtual output file to through the SD card.
As shown in Figure 2, the mobile payment data security encryption device of present embodiment comprises: signed data writing unit 101, be used for receiving the written document instruction that mobile communication equipment transmits by safe digital SD card, instruction writes virtual input file with mobile communication equipment through mobile payment data of having encrypted and the cryptographic certificate data that the SD card transmits according to written document; Signed data decrypting device 102 is used for reading the mobile payment data and the cryptographic certificate data of having encrypted from virtual input file, and carries out decryption processing; Signature processing unit 103 is used for the cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering; Signed data ciphering unit 104 is used for the mobile payment data of signature are carried out encryption; Signed data memory cell 105 is used for the mobile payment storage of the signature after encrypting is arrived virtual output file; Signed data sensing element 106 is used for receiving the file instruction of reading that mobile communication equipment transmits through the SD card, sends mobile communication equipment according to reading file instruction mobile payment data of the signature after the reading encrypted from virtual output file to through the SD card.
As shown in Figure 3, the hardware of the mobile payment data security encryption device of present embodiment comprises a SD card, a single-chip microcomputer, a storage chip, an encryption and decryption module, a signature blocks and other peripheral cell.All elements are integrated in the shell of a mincro SD card size, make the mobile payment data security encryption device of present embodiment.
The inner functional modules such as main control module, SD card interface module, device personalisation interface module (that is: encryption and decryption module), memory module, signature blocks that realize by the inner microcode of single-chip microcomputer of mobile payment data security encryption device.
As shown in Figure 4, the main control module function: circulation is read in the SD card interface module " read buffering area ", according to " read buffer area " in mobile phone command dispatch each module.Concrete function is as follows:
The order of transmitting when the mobile phone of receiving from the SD card interface module is when reading general SD Cavan part, and the scheduling memory module is read the data in the pin-saving chip, delivers to then in the SD interface module;
When receive to judge whether this document is read-only file, if be read-only file when writing general SD Cavan part from the SD card interface module; then return the write-protect mistake; if be normal file, then dispatch memory module and write data in the storage chip, notify the SD interface module to operate successfully then.
The order of transmitting when the mobile phone of receiving from the SD card interface module is when writing the virtual file order, calling device personalisation interface module is decrypted processing to the data of receiving, behind the successful decryption, send signature blocks that the cryptographic certificate in the data is authenticated, authentication is signed to data to be signed in the data by the back, the successful data of signing are kept at signed data buffering area after device personalisation interface module encrypt, after the deciphering failure, the mark of signature is written to signed data buffering area, reads for mobile phone.
The order of transmitting when the mobile phone of receiving from the SD card interface module to fetching signed data in the signed data buffering area, returns to the SD card interface module when reading the virtual file order.
SD card interface module function: when mobile phone need be read and write the SD card, will be to the CLK of SD card port tranmitting data register signal, write data or by DATA port reading of data from the SD card by the CMD port to the SD card during clock signal of every transmission.This device is in when design, and the CLK port is linked into the interrupt interface INT0 of single-chip microcomputer, whenever mobile phone when the SD card sends a clock signal, singlechip interruption can be transferred this SD card interface module automatically.The order that sends according to mobile phone is preserved the data that this module reads maybe will write in the buffer memory in the buffer memory with the data of sending of mobile phone and is sent to mobile phone.
The memory module function: read write command that the reception main control module transmits and the data that will write, read or write data to memory module according to instruction.Storage chip is divided into three parts, is respectively: writable area, read-only region, inner area.The writable area zone of depositing file for the client wherein, the data client in this zone can freely read and write by mobile phone.Write-only area is bank's exclusive district; data in this zone can only be write when producing this SD card by bank; the client can't revise voluntarily; this zone generally is used for depositing client's special browser program; the client can check or move program in this zone by mobile phone; if but the client will report write protection error will revise or delete content in this zone the time.Inner area keeps the zone of using for this device oneself, and the client can't be by mobile phone access to this zone, and this zone can be used to preserve data such as signed data and customer's certificate.
Personalisation interface functions of modules (that is: encryption and decryption module): receive signature order and data that main control module transmits.The individual character decrypted program of this inside modules of The data is decrypted, and sends the data behind the successful decryption to signature blocks by main control module and carry out signature operation.Personalized decrypted program by the source code of known a plurality of cryptographic algorithm (as DES, 3DES, RC2, RC4, IDEA, DSA, AES, BLOWFISH, ElGamal, Diffie-Hellman, TEA, RAS) in a part, make up through random alignment, the complex encryption algorithm that generates, and generate unique key at random for every kind of algorithm.This algorithm permutation and combination method is to generate at random in this device production process, and compiling automatically, this algorithm and key with leave storage chip in browser personalisation interface module in the browser program of read-only region identical.Realize algorithm difference, the key difference of different devices, guaranteed that the client must use browser on this device could visit the signature blocks of this device.
Signature blocks function: identical with the signature blocks function of the USB-KEY that shows bank's use.After signature blocks receives the data to be signed that main control module transmits, use the RAS algorithm, according to client private key data are signed, after signature is finished, give main control module with the data back pass that generates.
As shown in Figure 5, single-chip microcomputer can use the 89C51 series monolithic, and the SD card directly links with single-chip microcomputer P1 mouth, is used to support single-chip microcomputer and SD cartoon to interrogate.Wherein the INT0 port of the CLK port of SD card and single-chip microcomputer links, and by the clock signal that inserts from mobile phone, calls singlechip interruption, reaches the function that receives or send data to mobile phone by interrupt routine control P1 mouth current potential.The P0 mouth of single-chip microcomputer connects the IO interface of storage chip, and the P2 mouth connects other port of storage chip (FLASH chip).When single-chip microcomputer need be read and write the data that are stored in the storage chip, transmit read write command by the P2 interface to storage chip, by the data in the P0 read-write storage chip.The X1 of single-chip microcomputer, X2 connect crystal oscillating circuit, and single-chip microcomputer RESET connects reset circuit.
As shown in Figure 6, the mobile payment data security encryption method of present embodiment comprises: the mobile payment data (step S201) that receive the needs signature by cordless communication network from bank server; Receive the cryptographic certificate data (step S202) of user's input by user interface; Mobile payment data and cryptographic certificate data are carried out encryption (step S203); Mobile payment data and the cryptographic certificate data that to encrypt by safe digital SD card write virtual input file (step S204); From virtual input file, read the mobile payment data and the cryptographic certificate data of having encrypted, and carry out decryption processing (step S205); Cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing (step S206) of back after to deciphering; Mobile payment data to signature are carried out encryption (step S207); The mobile payment storage of the signature after encrypting is arrived virtual output file (step S208); Mobile payment data (step S209) through SD card signature after the reading encrypted from virtual output file; Mobile payment data to the signature after encrypting are decrypted processing (step S210); The mobile payment data of the signature after the deciphering are sent to bank server (step S2110) through cordless communication network.
As shown in Figure 7, the mobile payment data security of present embodiment encryption mobile phone comprises: mobile phone body and mobile payment safe digital SD card; Mobile payment SD cartoon is crossed the SD card and is connected with mobile phone body; Mobile payment SD card comprises: mobile payment data download unit 207 is used for receiving the mobile payment data that needs are signed by cordless communication network from bank server; Cryptographic certificate input unit 208 is used for receiving the cryptographic certificate data that the user imports by user interface; First ciphering unit 209 is used for mobile payment data and cryptographic certificate data are carried out encryption; Signed data writing unit 201, the mobile payment data and the cryptographic certificate data that are used for will having encrypted by safe digital SD card write virtual input file; Second decrypting device 202 is used for reading the mobile payment data and the cryptographic certificate data of having encrypted from virtual input file, and carries out decryption processing; Signature processing unit 203 is used for the cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering; Second ciphering unit 204 is used for the mobile payment data of signature are carried out encryption; Signed data memory cell 205 is used for the mobile payment storage of the signature after encrypting is arrived virtual output file; Signed data sensing element 206 is used for the mobile payment data through the signature of SD card after the virtual output file reading encrypted; First decrypting device 210 is used for the mobile payment data of the signature after encrypting are decrypted processing; Signed data transmitting element 211 is used for the mobile payment data of the signature after the deciphering are sent to bank server through cordless communication network.
As shown in Figure 8, this mobile payment SD card 100 is as broad as long with a common mincro SD card in appearance.This this mobile payment SD card also provides memory function and browser module except digital signature function is provided, the client can use written or printed documents mobile payment SD card fully as a common SD card, do not change client's use habit.This mobile payment SD card can directly be inserted in the SD card of mobile phone, and is easy to carry.
As shown in Figure 9, the mobile payment SD card 100 of present embodiment mobile phone 200, adopt the SD card and the mobile phone of mobile phone support to carry out communication, data transmission procedure between all and mobile phone all is modeled to the file read-write operation, realizes the data signature operation by the virtual file that the java browser program that moves in mobile phone reads in the SD card.Because the overwhelming majority has the SD card and supports JAVA in the existing mobile phone, this SD card is very easy to promote.
1) the mobile payment SD card hardware circuit explanation of present embodiment mobile phone
This mobile payment SD card hardware comprises a SD card, a single-chip microcomputer, a storage chip and other peripheral cell.All elements are integrated in the shell of a mincro SD card size, make this device.Single-chip microcomputer can use the 89C51 series monolithic, and the SD card directly links with single-chip microcomputer P1 mouth, is used to support single-chip microcomputer and SD cartoon to interrogate.Wherein the INT0 port of the CLK port of SD card and single-chip microcomputer links.As shown in figure 10,, call singlechip interruption, reach the function that receives or send data to mobile phone by interrupt routine control P1 mouth current potential by the clock signal that from mobile phone, inserts.The P0 mouth of single-chip microcomputer connects the IO interface of storage chip, and the P2 mouth connects other port of FLASH chip.When single-chip microcomputer need be read and write the data that are stored in the storage chip, transmit read write command by the P2 interface to storage chip, by the data in the P0 read-write storage chip.The X1 of single-chip microcomputer, X2 connect crystal oscillating circuit, and single-chip microcomputer RESET connects reset circuit.
2) each module declaration in the mobile payment SD card
The inner functional modules such as main control module, SD card interface module, device personalisation interface module (encryption and decryption module), memory module, signature blocks that realize by the inner microcode of single-chip microcomputer of this mobile payment SD card.
The main control module function: circulation is read in the SD card interface module " read buffering area ", according to " read buffer area " in mobile phone command dispatch each module.Concrete function is as follows:
The order of transmitting when the mobile phone of receiving from the SD card interface module is when reading general SD Cavan part, and the scheduling memory module is read the data in the pin-saving chip, delivers to then in the SD interface module;
When receive to judge whether this document is read-only file, if be read-only file when writing general SD Cavan part from the SD card interface module; then return the write-protect mistake; if be normal file, then dispatch memory module and write data in the storage chip, notify the SD interface module to operate successfully then.
The order of transmitting when the mobile phone of receiving from the SD card interface module is when writing the virtual file order, calling device personalisation interface module is decrypted processing to the data of receiving, behind the successful decryption, send signature blocks that the cryptographic certificate in the data is authenticated, authentication is signed to data to be signed in the data by the back, the successful data of signing are kept at signed data buffering area after device personalisation interface module encrypt, after the deciphering failure, the mark of signature is written to signed data buffering area, reads for mobile phone.
The order of transmitting when the mobile phone of receiving from the SD card interface module to fetching signed data in the signed data buffering area, returns to the SD card interface module when reading the virtual file order.
SD card interface module function: when mobile phone need be read and write the SD card, will be to the CLK of SD card port tranmitting data register signal, write data or by DATA port reading of data from the SD card by the CMD port to the SD card during clock signal of every transmission.This SD is stuck in when design, and the CLK port is linked into the interrupt interface INT0 of single-chip microcomputer, whenever mobile phone when the SD card sends a clock signal, singlechip interruption can be transferred this SD card interface module automatically.The order that sends according to mobile phone is preserved the data that this module reads maybe will write in the buffer memory in the buffer memory with the data of sending of mobile phone and is sent to mobile phone.
The memory module function: read write command that the reception main control module transmits and the data that will write, read or write data to memory module according to instruction.Storage chip is divided into three parts, is respectively: writable area, read-only region, inner area.The writable area zone of depositing file for the client wherein, the data client in this zone can freely read and write by mobile phone.Write-only area is bank's exclusive district; data in this zone can only be write when producing this SD card by bank; the client can't revise voluntarily; this zone generally is used for depositing client's special browser program; the client can check or move program in this zone by mobile phone; if but the client will report write protection error will revise or delete content in this zone the time.Inner area is that this SD card oneself keeps the zone of using, and the client can't be by mobile phone access to this zone, and this zone can be used to preserve data such as signed data and customer's certificate.
SD card personalisation interface module (encryption and decryption module) function: receive signature order and data that main control module transmits.The individual character decrypted program of this inside modules of The data is decrypted, and sends the data behind the successful decryption to signature blocks by main control module and carry out signature operation.Personalized decrypted program by the source code of known a plurality of cryptographic algorithm (as DES, 3DES, RC2, RC4, IDEA, DSA, AES, BLOWFISH, ElGamal, Diffie-Hellman, TEA, RAS) in a part, make up through random alignment, the complex encryption algorithm that generates, and generate unique key at random for every kind of algorithm.This algorithm permutation and combination method is to generate at random in this device production process, and compiling automatically, this algorithm and key with leave storage chip in browser personalisation interface module in the browser program of read-only region identical.Realize algorithm difference, the key difference of different devices, guaranteed that the client must use browser on this device could visit the signature blocks of this SD card.
Signature blocks function: identical with the signature blocks function of the USB-KEY that shows bank's use.After signature blocks receives the data to be signed that main control module transmits, use the RAS algorithm, according to client private key data are signed, after signature is finished, give main control module with the data back pass that generates.
3) attainable function
This SD card not only has former SD card function, and a kind of special browser that can not be modified and signature function also are provided.
SD card function: when the client used mobile phone access SD card, intending a SD card by this SD snap gauge was customer service, the difference of imperceptible device of client and SD card.Do not influence the needs that the client normally uses the extension storage space, customer data is kept at read-write zone in the storage chip.
Special browser: be to be realization secure access Net silver, and in process of exchange, use this SD card signature and the custom-designed a java software that can on mobile phone, move.This software is stored in read-only zones in the storage chip, and the data in this zone can not be changed, and has guaranteed client-side program safety.During signature, the cryptographic certificate of client's input and client need to encrypt by browser personalisation interface module built-in in this software by the signed data that this software writes in the SD card; The data that read from the SD card all need to decipher by browser personalisation interface module built-in in this software (encryption and decryption module), the enciphering and deciphering algorithm of this personalisation interface module and key and this algorithm and key all in this device production process at random generation identical with personalisation interface module (encryption and decryption module), maintain secrecy fully externally, can guarantee illegitimate client can't with signature blocks communication (seeing Figure 11) in this SD card.
Signature function: in the SD card, fictionalize two files of input and output, respectively as the write and read interface of mobile phone and the communication of this device, when browser in the mobile phone writes data in the input file, give the processing of signing after the SD card personalized signature module decrypts with data, preserve then, when the client during reading of data, takes out data and gives mobile phone from the output file from the personalized signature module.
4) using method
When the client handles Mobile banking when opening an account business, can get this SD card from the cabinet face.The client can directly be installed to this SD card in the SD card slot on the mobile phone.At this moment, can in client's mobile phone, see the special browser associated documents that this device is built-in in the SD card catalogue, reach by the virtual input of this SD card, reach two files of output.
As shown in figure 11, when the client need pass through Mobile banking's transacting business, need by special browser program on the operation SD card, this program can be landed bank server automatically, and displaying related pages, when handling when needing signature service, mobile phone browser will be downloaded the data that need signature from bank server, point out the client to import cryptographic certificate then, call the browser personalisation interface module again the password of these data and client's input is encrypted, data encrypted is write in the file of file input by name on the SD card; After this SD card reads these data, after SD card personalisation interface module decrypts, send signature blocks that cryptographic certificate is authenticated, the processing of signing behind the authentication success, the data behind the signature are put in the inner area of storage area after encrypting through SD card personalisation interface.Browser is by reading the file in the inner area that just is saved in storage area from the output file, and decipher through browser personalisation interface (browser enciphering/deciphering module), data after obtaining signing, data after will signing then are sent to bank server through network, finish the once signed operation.According to concrete signature algorithm, a general business can realize with this device communication mode by disposable, also can pass through repeatedly to realize with this device communication mode.
5) use step
The using method of this device is divided into following steps:
Step 1: apply to get this SD card to bank's cabinet face.
Step 2: this SD card is put in the mobile phone SD card slot.
Step 3: move the special browser program in this SD card.
Step 4: handle payment transaction, as transferred account service, data such as input the other side number of the account, the amount of money.
Step 5: browser prompts client imports cryptographic certificate.
Step 6: automatic and this SD cartoon news of browser, finish the data signature operation.
The method of the application of the invention embodiment, device and mobile phone, in client's mobile device, deposit user's hardware digital certificate, adopt interface and mobile device to carry out communication, data transmission procedure between all and mobile device all is modeled to the file read-write operation, the mode that reads virtual file in mobile device by the browser program that moves realizes the data signature operation, thereby realized hardware signature, improved the fail safe of mobile payment signature mobile payment.
Used specific embodiment among the present invention principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (4)
1. mobile payment data security encryption method is characterized in that described method comprises:
Receive the written document instruction that mobile communication equipment transmits by safe digital SD card;
According to described written document instruction described mobile communication equipment is write virtual input file through mobile payment data of having encrypted and the cryptographic certificate data that described SD card transmits;
From described virtual input file, read described mobile payment data of having encrypted and cryptographic certificate data, and carry out decryption processing;
Authenticate deciphering back cryptographic certificate data, authentication is by the processing of signing of the mobile payment data of back after to deciphering;
Mobile payment data to signature are carried out encryption;
The mobile payment storage of the signature after encrypting is arrived virtual output file;
Receive the file instruction of reading that mobile communication equipment transmits through described SD card;
Send described mobile communication equipment according to the described mobile payment data of reading file instruction signature after the reading encrypted from described virtual output file to through described SD card.
2. mobile payment data security encryption method is characterized in that described method comprises:
Receive the mobile payment data that need signature from bank server by cordless communication network;
Receive the cryptographic certificate data of user's input by user interface;
Described mobile payment data and cryptographic certificate data are carried out encryption;
By safe digital SD card described mobile payment data of having encrypted and cryptographic certificate data are write virtual input file;
From described virtual input file, read described mobile payment data of having encrypted and cryptographic certificate data, and carry out decryption processing;
To mobile payment data after the deciphering and the processing of signing of cryptographic certificate data;
Mobile payment data to signature are carried out encryption;
The mobile payment storage of the signature after encrypting is arrived virtual output file;
Mobile payment data through described SD card signature after the reading encrypted from described virtual output file;
Mobile payment data to the signature after the described encryption are decrypted processing;
The mobile payment data of the signature after the deciphering are sent to described bank server through cordless communication network.
3. mobile payment data security encryption device is characterized in that described device comprises:
The signed data writing unit, be used for receiving the written document instruction that mobile communication equipment transmits, described mobile communication equipment write virtual input file through mobile payment data of having encrypted and the cryptographic certificate data that described SD card transmits according to described written document instruction by safe digital SD card;
The signed data decrypting device is used for reading described mobile payment data of having encrypted and cryptographic certificate data from described virtual input file, and carries out decryption processing;
The signature processing unit is used for the cryptographic certificate data after the deciphering are authenticated, and authentication is by mobile payment data the sign processing of back after to deciphering;
The signed data ciphering unit is used for the mobile payment data of signature are carried out encryption;
The signed data memory cell is used for the mobile payment storage of the signature after encrypting is arrived virtual output file;
The signed data sensing element, be used for receiving the file instruction of reading that mobile communication equipment transmits, send described mobile communication equipment to through described SD card according to the described mobile payment data of reading file instruction signature after the reading encrypted from described virtual output file through described SD card.
4. a mobile payment data security is encrypted mobile phone, and described mobile phone comprises: mobile phone body; It is characterized in that described mobile phone also comprises: mobile payment safe digital SD card;
Described mobile payment SD cartoon is crossed the SD card and is connected with described mobile phone body;
Described mobile payment SD card comprises:
Mobile payment data download unit is used for receiving the mobile payment data that needs are signed by cordless communication network from bank server;
The password input unit is used for receiving the cryptographic certificate data that the user imports by user interface;
First ciphering unit is used for described mobile payment data and cryptographic certificate data are carried out encryption;
The signed data writing unit is used for by safe digital SD card described mobile payment data of having encrypted and cryptographic certificate data being write virtual input file;
Second decrypting device is used for reading described mobile payment data of having encrypted and cryptographic certificate data from described virtual input file, and carries out decryption processing;
The signature processing unit is used for the cryptographic certificate data after the deciphering are authenticated by mobile payment data the sign processing of back after to deciphering;
Second ciphering unit is used for the mobile payment data of signature are carried out encryption;
The signed data memory cell is used for the mobile payment storage of the signature after encrypting is arrived virtual output file;
The signed data sensing element is used for the mobile payment data through the signature of described SD card after the described virtual output file reading encrypted;
First decrypting device is used for the mobile payment data of the signature after the described encryption are decrypted processing;
The signed data transmitting element is used for the mobile payment data of the signature after the deciphering are sent to described bank server through cordless communication network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110008673 CN102118745B (en) | 2011-01-14 | 2011-01-14 | Method and device for secure encryption for mobile payment data, and mobile phone |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110008673 CN102118745B (en) | 2011-01-14 | 2011-01-14 | Method and device for secure encryption for mobile payment data, and mobile phone |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102118745A true CN102118745A (en) | 2011-07-06 |
| CN102118745B CN102118745B (en) | 2013-10-16 |
Family
ID=44217303
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110008673 Active CN102118745B (en) | 2011-01-14 | 2011-01-14 | Method and device for secure encryption for mobile payment data, and mobile phone |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102118745B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014063546A1 (en) * | 2012-10-25 | 2014-05-01 | 中国银联股份有限公司 | Method and device for processing data access request coming from mobile terminal |
| CN103996117A (en) * | 2014-05-28 | 2014-08-20 | 天地融科技股份有限公司 | Safety mobile phone |
| CN104767712A (en) * | 2014-01-03 | 2015-07-08 | 中国银联股份有限公司 | Equipment for safety information interaction and safety browser |
| TWI563455B (en) * | 2014-11-26 | 2016-12-21 | hong-jian Zhou | |
| CN106570417A (en) * | 2016-10-28 | 2017-04-19 | 郑建钦 | Data security storage method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030140009A1 (en) * | 2001-04-19 | 2003-07-24 | Takaaki Namba | License management system, license management device, relay device and terminal device |
| CN101127954A (en) * | 2007-09-21 | 2008-02-20 | 冯卫东 | A method for transmitting data via mobile phone dialing communication or GRPS packet communication technology |
| CN101789088A (en) * | 2010-02-04 | 2010-07-28 | 北京中数威利超导微电子科技有限公司 | SD card with payment function |
| CN101916388A (en) * | 2010-07-27 | 2010-12-15 | 武汉天喻信息产业股份有限公司 | Smart SD card and method for using same for mobile payment |
-
2011
- 2011-01-14 CN CN 201110008673 patent/CN102118745B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030140009A1 (en) * | 2001-04-19 | 2003-07-24 | Takaaki Namba | License management system, license management device, relay device and terminal device |
| CN101127954A (en) * | 2007-09-21 | 2008-02-20 | 冯卫东 | A method for transmitting data via mobile phone dialing communication or GRPS packet communication technology |
| CN101789088A (en) * | 2010-02-04 | 2010-07-28 | 北京中数威利超导微电子科技有限公司 | SD card with payment function |
| CN101916388A (en) * | 2010-07-27 | 2010-12-15 | 武汉天喻信息产业股份有限公司 | Smart SD card and method for using same for mobile payment |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014063546A1 (en) * | 2012-10-25 | 2014-05-01 | 中国银联股份有限公司 | Method and device for processing data access request coming from mobile terminal |
| CN104767712A (en) * | 2014-01-03 | 2015-07-08 | 中国银联股份有限公司 | Equipment for safety information interaction and safety browser |
| CN103996117A (en) * | 2014-05-28 | 2014-08-20 | 天地融科技股份有限公司 | Safety mobile phone |
| CN103996117B (en) * | 2014-05-28 | 2017-09-19 | 天地融科技股份有限公司 | Safe mobile phone |
| TWI563455B (en) * | 2014-11-26 | 2016-12-21 | hong-jian Zhou | |
| CN106570417A (en) * | 2016-10-28 | 2017-04-19 | 郑建钦 | Data security storage method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102118745B (en) | 2013-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102315942B (en) | Security terminal with Bluetooth and communication method thereof of security terminal and client end | |
| CN101916388B (en) | Smart SD card and method for using same for mobile payment | |
| CN201936334U (en) | Mobile payment data secure digital card | |
| JP5562964B2 (en) | Contactless authentication system and method used for settlement | |
| KR20160024185A (en) | Management system and method of crytocurrency using secure element | |
| CN104380652A (en) | Multi-issuer secure element partition architecture for NFC enabled devices | |
| CA2914956C (en) | System and method for encryption | |
| CN108282466A (en) | Method, system for providing digital certificate functionality in TEE | |
| CN103996117B (en) | Safe mobile phone | |
| CN104978144A (en) | Gesture password input device and system and method for transaction based on system | |
| CN102118745B (en) | Method and device for secure encryption for mobile payment data, and mobile phone | |
| CN103955733A (en) | Electronic identity card chip card, card reader and electronic identity card verification system and method | |
| CN103684786A (en) | Method and system for storing digital certificate and binding digital certificate to hardware carrier | |
| CN102667800A (en) | Method for securely interacting with a security element | |
| WO2012072022A1 (en) | Remote payment method | |
| CN101587458A (en) | Operation method and device for intelligent storing card | |
| CN200993803Y (en) | Internet banking system safety terminal | |
| CN101571926A (en) | Safe read-write device for IC cards and method for using same | |
| CN101206779A (en) | Online banking system safety terminal and data safety processing method thereof | |
| CN103186805A (en) | Smart card and signature authentication method based on smart card | |
| CN103873245B (en) | Dummy machine system data ciphering method and equipment | |
| CN101841806A (en) | Service card information processing method, device and system and communication terminal | |
| CN203799402U (en) | Electronic identification card chip card, card reader, electronic identification card authentication system | |
| CN204759393U (en) | Gesture password input device and system | |
| JP2003158513A (en) | Ic card, its writing method and apparatus, and ic card system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |